Use SSH Key from Jenkins Git Plugin to Run Git Commands During Build

2

7

Our build job on Jenkins runs some git commands, like git push and git pull, as part of a release build, and therefore requires a way to run authenticated git commands from the shell during the build.

Our Jenkins slaves don't hold any credentials as they are disposable Docker containers that are created per build.

The git plugin manages this with the Jenkins credentials and "somehow" sets GIT_SSH to pick up a private key that is configured via the credentials.

I checked the source code and tried to determine how I can get the variable configured so that I can run for example git pull as an SSH script as part of the build. Without success.

Is there a way to run a git command as part of the build steps using the Jenkins credentials?

My current solution is to copy the SSH key to the slave as part of the build environment setup, but it seems like duplicate work (plus a potential security issue).

Amand answered 22/9, 2016 at 19:8 Comment(2)
Can you add the public key of the slave machine in GitHub through the command line? - Starryeyed
Each slave is a disposable Docker container that has no SSH key or any setup. To support this would be more complex than the copy I do at the moment, I think. - Amand
2

I couldn't figure this out for a while too. So although almost three years old, I'll post my solution for using a private SSH key. It may also be adaptable to user/password combinations.

  1. Add the key to the credentials section as kind "SSH Username with private key".

  2. In the build project use the "Bindings" (You need to tick the "Use secret text(s) or file(s)" in the Build Environment to make it available) to store the credential information in environment variables:

    enter image description here

  3. Now comes the tricky part: how to use the key in the git call. I chose the GIT_SSH environment variable since that is the most backward compatible way. In order to make that work you need to create a wrapper script that contains the ssh call using the path to the key file provided in SSH_KEYFILE. One may find a better solution to create that script. For me the following shell commands worked:

    #!/bin/bash
    set +x
    
    SSH_WRAPPER_SCRIPT=/tmp/ssh_wrapper
    
    # delete pre-existing script (-f: no error if it does not exist)
    rm -f "$SSH_WRAPPER_SCRIPT"
    
    # create wrapper script with current keyfile path from bindings variable
    # (the path is quoted so a workspace path containing spaces still works)
    echo "#!/bin/sh" > "$SSH_WRAPPER_SCRIPT"
    echo "exec /usr/bin/ssh -i \"${SSH_KEYFILE}\" \"\$@\"" >> "$SSH_WRAPPER_SCRIPT"
    chmod +x "$SSH_WRAPPER_SCRIPT"
    
    # set GIT_SSH env var to use wrapper script
    export GIT_SSH="$SSH_WRAPPER_SCRIPT"
    
    # now run your actual git commands here
    git ls-remote -h [email protected]:some_repo.git HEAD
    
Geniculate answered 16/8, 2019 at 7:40 Comment(3)
Unfortunately, the image in the answer above is no longer available. So I'll quickly summarize its content here: (1) Install the "Credentials Binding Plugin". (2) Then, the project configuration contains "Build Environment - Use secret text(s) or file(s)". (3) With the latest version as of Jan 2020, select the "SSH User Private Key" binding and enter "SSH_KEYFILE" as "Key File Variable". Then the above solution will work. - Gerhard
I still can see the image and open the link in a separate browser without issue. As of January 2020 it still works fine. - Geniculate
Oh, then it must be a problem with my proxy configuration or internet connection. - Gerhard
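A hardened variant of the wrapper approach from the answer above, as an added example that is not part of the original answer. It keeps the wrapper in a private temporary directory instead of a fixed path in /tmp and reads the key path from the environment at run time; the function names and the optional `SSH_BIN` and `KNOWN_HOSTS_FILE` variables are hypothetical, introduced only for this sketch.

```shell
#!/bin/sh
# Added example. SSH_KEYFILE is the variable bound by the Credentials Binding
# step; SSH_BIN and KNOWN_HOSTS_FILE are hypothetical optional variables.

# Create the GIT_SSH wrapper in a private temp dir and print its path.
make_git_ssh_wrapper() {
    [ -r "${SSH_KEYFILE:-}" ] || { echo "SSH_KEYFILE unset or unreadable" >&2; return 1; }
    _dir=$(umask 077 && mktemp -d "${TMPDIR:-/tmp}/git-ssh.XXXXXX") || return 1
    # Quoted heredoc: nothing is expanded now, so the key path is never
    # spliced into script text; the wrapper reads it from the environment.
    cat > "$_dir/ssh_wrapper" <<'EOF'
#!/bin/sh
# IdentitiesOnly: offer only the bound key. BatchMode: fail instead of prompting.
set -- -i "$SSH_KEYFILE" -o IdentitiesOnly=yes -o BatchMode=yes "$@"
if [ -n "${KNOWN_HOSTS_FILE:-}" ]; then
    # Pin the server's host key instead of trusting it on first use.
    set -- -o UserKnownHostsFile="$KNOWN_HOSTS_FILE" -o StrictHostKeyChecking=yes "$@"
fi
exec "${SSH_BIN:-ssh}" "$@"
EOF
    chmod 700 "$_dir/ssh_wrapper"
    printf '%s\n' "$_dir/ssh_wrapper"
}

# Remove the wrapper and its directory; refuses paths it did not create.
remove_git_ssh_wrapper() {
    case "$1" in
        */git-ssh.*/ssh_wrapper) rm -rf -- "$(dirname "$1")" ;;
        *) return 1 ;;
    esac
}

# Usage inside the Jenkins shell step (REPO_URL stands for your repository):
#   GIT_SSH=$(make_git_ssh_wrapper) || exit 1
#   export GIT_SSH
#   trap 'remove_git_ssh_wrapper "$GIT_SSH"' EXIT
#   git ls-remote -h "$REPO_URL" HEAD
```

Because git passes its environment to the `GIT_SSH` program, `SSH_KEYFILE` only needs to stay exported for the duration of the build step.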
-2

If sharing credentials via git is essential, give the git client plugin a try, but if you really want to just share/store credentials, consider using the credentials plugin or something similar.

Note that you can also just run a shell script "after install" that can run whatever commands you need to execute on the machine.

Impedance answered 23/9, 2016 at 1:42 Comment(1)
I don't think I get it, the plugins will not help for the issue mentioned. The shell script is what I am doing at the moment with the copy (well, not a shell script but a build environment step). - Amand